I'm setting up a small app using AWS Amplify.
Due to the queries I needed to perform, I needed to use a SQL database. I've therefore made an Aurora database and connected it to my Amplify GraphQL API via the "amplify api add-graphql-datasource" command.
This generates the cloudformation templates for the resolvers to perform basic CRUD operations on the Aurora DB.
I wanted to perform some dynamic queries like:
"SELECT * FROM Question Where type = {ctx.input.type}"
How do I protect the gql input from sql-injection attacks?
Does VTL have a custom function which will escape these inputs? - or alternatively throw an error if a special character exists?
I know I could either write all of this logic in the VTL resolver or create a pipeline resolver that does all of this in a Node Lambda, but I'm just wondering if there is a simpler solution.
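
Added example, not part of the original post: one shape the Node Lambda option mentioned above could take, rejecting values that contain special characters and binding the type value as a named parameter in the RDS Data API ExecuteStatement request format instead of concatenating it into the SQL text. The event.arguments.input path, the character rule and the injected executeStatement function are assumptions made for illustration.

```javascript
// Added example: names and limits here are assumptions, not from the post.

// Assumed rule: letters, digits and underscore only, 1 to 64 characters.
const TYPE_PATTERN = /^[A-Za-z0-9_]{1,64}$/;

// Build an ExecuteStatement-style request for the query in the question.
// The user value travels in `parameters`, never inside the SQL string,
// so the database treats it as data even if the pattern is later relaxed.
function buildQuestionQuery(input) {
  const type = input && input.type;
  if (typeof type !== "string") {
    throw new TypeError("input.type must be a string");
  }
  if (!TYPE_PATTERN.test(type)) {
    // "Throw an error if a special character exists"
    throw new RangeError("input.type contains unsupported characters");
  }
  return {
    sql: "SELECT * FROM Question WHERE type = :type",
    parameters: [{ name: "type", value: { stringValue: type } }],
  };
}

// Lambda-style handler. `executeStatement` is injected so the example runs
// offline; in a deployment it would wrap the RDS Data API client call and
// add the cluster ARN, secret ARN and database name (not shown here).
async function handler(event, executeStatement) {
  const request = buildQuestionQuery(event.arguments && event.arguments.input);
  return executeStatement(request);
}

// Constructed sample run with a stub executor that echoes the request.
handler({ arguments: { input: { type: "essay" } } }, async (req) => req)
  .then((req) => console.log(JSON.stringify(req)));
```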